haraldwolff/qemu-patch-raspberry4
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
qemu-patch-raspberry4/hw/core
History
Thomas Huth e423455c4f hw/core/loader: Fix possible crash in rom_copy() 
Both, "rom->addr" and "addr" are derived from the binary image
that can be loaded with the "-kernel" paramer. The code in
rom_copy() then calculates:

    d = dest + (rom->addr - addr);

and uses "d" as destination in a memcpy() some lines later. Now with
bad kernel images, it is possible that rom->addr is smaller than addr,
thus "rom->addr - addr" gets negative and the memcpy() then tries to
copy contents from the image to a bad memory location. This could
maybe be used to inject code from a kernel image into the QEMU binary,
so we better fix it with an additional sanity check here.

Cc: qemu-stable@nongnu.org
Reported-by: Guangming Liu
Buglink: https://bugs.launchpad.net/qemu/+bug/1844635
Message-Id: <20190925130331.27825-1-thuth@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2019-10-01 11:42:27 +02:00
..
bus.c Include hw/qdev-properties.h less 2019-08-16 13:31:53 +02:00
cpu.c cputlb: Remove cpu->mem_io_vaddr 2019-09-25 10:56:28 -07:00
empty_slot.c Include hw/hw.h exactly where needed 2019-08-16 13:31:52 +02:00
fw-path-provider.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
generic-loader.c hw/core: Move cpu.c, cpu.h from qom/ to hw/core/ 2019-08-21 13:24:01 +02:00
hotplug.c call HotplugHandler->plug() as the last step in device realization 2018-10-19 13:44:12 +02:00
irq.c Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
Kconfig hw/core: Add a config switch for the generic loader device 2019-08-20 09:11:17 +02:00
loader-fit.c Clean up inclusion of sysemu/sysemu.h 2019-08-16 13:31:53 +02:00
loader.c hw/core/loader: Fix possible crash in rom_copy() 2019-10-01 11:42:27 +02:00
machine-hmp-cmds.c numa: move numa global variable nb_numa_nodes into MachineState 2019-09-03 11:26:55 -03:00
machine-qmp-cmds.c qapi: report the default CPU type for each machine 2019-09-03 14:39:46 -03:00
machine.c virtio,vhost: fixes, features, cleanups. 2019-09-04 17:22:34 +01:00
Makefile.objs hw/core: Move cpu.c, cpu.h from qom/ to hw/core/ 2019-08-21 13:24:01 +02:00
nmi.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
null-machine.c hw/core: Move cpu.c, cpu.h from qom/ to hw/core/ 2019-08-21 13:24:01 +02:00
numa.c numa: move numa global variable numa_info into MachineState 2019-09-03 11:26:55 -03:00
or-irq.c Include hw/qdev-properties.h less 2019-08-16 13:31:53 +02:00
platform-bus.c Clean up inclusion of sysemu/sysemu.h 2019-08-16 13:31:53 +02:00
ptimer.c Include hw/hw.h exactly where needed 2019-08-16 13:31:52 +02:00
qdev-fw.c Include hw/qdev-properties.h less 2019-08-16 13:31:53 +02:00
qdev-properties-system.c audio: add audiodev properties to frontends 2019-08-21 09:13:37 +02:00
qdev-properties.c Include hw/qdev-properties.h less 2019-08-16 13:31:53 +02:00
qdev.c qdev/machine: Introduce hotplug_allowed hook 2019-09-16 06:57:24 -04:00
register.c Include hw/qdev-properties.h less 2019-08-16 13:31:53 +02:00
reset.c qemu/queue.h: leave head structs anonymous unless necessary 2019-01-11 15:46:55 +01:00
split-irq.c Include hw/qdev-properties.h less 2019-08-16 13:31:53 +02:00
stream.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
sysbus.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
trace-events loader: Trace loaded images 2019-09-18 10:18:51 +01:00
uboot_image.h Support u-boot noload images for arm as used by, NetBSD/evbarm GENERIC kernel. 2019-01-07 15:46:20 +00:00
vm-change-state-handler.c sysemu: Split sysemu/runstate.h off sysemu/sysemu.h 2019-08-16 13:37:36 +02:00